CLAIMS 

What is Claimed is: 

1 . A method of creating a desired group, comprising: 

a) defining one or more private groups each private group configured for 
use by one or more first corresponding owners, each private group being unavailable 
to use by one or more non-owners; 

b) defining one or more public groups using at least one of said private 
groups, wherein each public group is configured for use by one or more second 
corresponding owners and said one or more non-owners; 

c) selecting one or more particular groups from a set of said one or more 
private groups and said one or more public groups, wherein said set is dependent on 
said one or more first corresponding owners; 

d) for each selected particular group, indicating whether said selected 
particular group is an additive type or a subtractive type; and 

e) associating said selected one or more particular groups and each 
indicated type such that to function as said desired group. 

2. A method as recited in Claim 1 wherein said one or more private groups 
includes a dynamic group. 

3. A method as recited in Claim 1 wherein said one or more private groups 
includes an exception group. 
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4. A method as recited in Claim 1 wherein each public group includes a 
public group component corresponding to each private group used to define said 
public group, wherein each public group component is configured for use by said one 

5 or more first corresponding owners and is unavailable to use by said one or more non- 
owners. 

5. A method as recited in Claim 1 wherein said desired group includes a 
y, plurality of users. 

1(5 

W 6. A method as recited in Claim 1 wherein said one or more first 

2; corresponding owners are the same as said one or more second corresponding 

•sr-r 

y: owners. 

ILw-L. 

:! |i 

w 

133 7. A method as recited in Claim 1 further comprising: 

associating one or more network security privileges with said desired group. 



8. A computer-readable medium comprising computer-executable 
instructions stored therein for performing a method of creating a desired group, 
20 comprising: 

a) defining one or more private groups each private group configured for 
use by one or more first corresponding owners, each private group being unavailable 
to use by one or more non-owners; 
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b) defining one or more public groups using at least one of said private 
groups, wherein each public group is configured for use by one or more second 
corresponding owners and said one or more non-owners; 

c) selecting one or more particular groups from a set of said one or more 
private groups and said one or more public groups, wherein said set is dependent on 
said one or more first corresponding owners; 

d) for each selected particular group, indicating whether said selected 
particular group is an additive type or a subtractive type; and 

e) associating said selected one or more particular groups and each 
indicated type such that to function as said desired group. 

9. A computer-readable medium as recited in Claim 8 wherein said one or 
more private groups includes a dynamic group. 

10. A computer-readable medium as recited in Claim 8 wherein said one or 
more private groups includes an exception group. 

11. A computer-readable medium as recited in Claim 8 wherein each public 
group includes a public group component corresponding to each private group used 
to define said public group, wherein each public group component is configured for 
use by said one or more first corresponding owners and is unavailable to use by said 
one or more non-owners. 
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12. A computer-readable medium as recited in Claim 8 wherein said desired 
group includes a plurality of users. 

13. A computer-readable medium as recited in Claim 8 wherein said one or 
5 more first corresponding owners are the same as said one or more second 

corresponding owners 



14. A computer-readable medium as recited in Claim 8 wherein said method 
further comprises: 

1CM associating one or more network security privileges with said desired group. 

hi 15. A method of creating a desired group, comprising: 

a) defining one or more components of one or more group types; 

b) selecting one or more particular components; 

15jf c) for each selected particular component, indicating whether said selected 

^ particular component is an additive type or a subtractive type; and 

d) associating said selected one or more particular components and each 
indicated type such that to function as said desired group. 

15 

20 %. A method as recited in Claim 15 wherein said one or more group types 

include at least one of a public group and a private group. 
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tr. A method as recited in Claim 16 wherein each private group is 
configured for use by one or more first corresponding owners, and wherein each 
private group is unavailable to use by one or more non-owners. 



5 r§. A method as recited in Claim 16 wherein each public group is configured 

for use by one or more second corresponding owners and one or more non-owners. 

1^3. A method as recited in Claim 16 wherein said private group is a dynamic 

jf group. 
1(H 

£ 1^). A method as recited in Claim 16 wherein said private group is an 

m exception group. 



C if 

y "24. A method as recited in Claim 16 wherein each public group is defined 

:: : s 
i: 

using at least one private group, and wherein each public group includes a public 
group component corresponding to each private group used to define said public 
group, wherein each public group component is configured for use by one or more first 
corresponding owners and is unavailable to use by one or more non-owners. 

20 -22.. A method as recited in Claim 15 wherein said desired group includes a 

plurality of users. 

\V 

2Q. A method as recited in Claim 15 further comprising: 
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associating one or more network security privileges with said desired group. 

2^. A computer-readable medium comprising computer-executable 
instructions stored therein for performing a method of creating a desired group, 
5 comprising: 

a) defining one or more components of one or more group types; 

b) selecting one or more particular components; 

c) for each selected particular component, indicating whether said selected 
y particular component is an additive type or a subtractive type; and 

1 (g d) associating said selected one or more particular components and each 

y indicated type such that to function as said desired group. 

2§k A computer- readable medium as recited in Claim 24 wherein said one or 
jl more group types include at least one of a public group and a private group. 

26. A computer-readable medium as recited in Claim 25 wherein each 
private group is configured for use by one or more first corresponding owners, and 
wherein each private group is unavailable to use by one or more non-owners. 

•VI 

20 C2^ A computer-readable medium as recited in Claim 25 wherein each public 

group is configured for use by one or more second corresponding owners and one or 
more non-owners. 
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28. A computer-readable medium as recited in Claim 25 wherein said private 
group is a dynamic group. 

at 

29v A computer-readable medium as recited in Claim 25 wherein said private 
group is an exception group. 

30^ A computer-readable medium as recited in Claim 25 wherein each public 
group is defined using at least one private group, and wherein each public group 
includes a public group component corresponding to each private group used to 
define said public group, wherein each public group component is configured for use 
by one or more first corresponding owners and is unavailable to use by one or more 
non-owners. 

34-, A computer-readable medium as recited in Claim 24 wherein said 
desired group includes a plurality of users. 

~3£. A computer-readable medium as recited in Claim 24 wherein said 
method further comprises: 

associating one or more network security privileges with said desired group. 

rj 

■"S3! A method of defining a public group, comprising: 

a) defining one or more private groups; 

b) selecting one or more particular private groups; 
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c) for each selected particular private group, indicating whether said 
selected particular private group is an additive type or a subtractive type; 

d) for each selected particular private group, generating a public group 
component; and 

5 e) generating said public group using each public group component and 

each indicated type corresponding to said selected one or more particular private 
groups. 

34^ A method as recited in Claim 33 wherein said one or more private groups 
1 CK includes a dynamic group. 

^ A method as recited in Claim 33 wherein said one or more private groups 
includes an exception group. 

1 4 

1 $5 A method as recited in Claim 33 wherein said public group includes a 

plurality of users. 

l&L A method as recited in Claim 33 wherein each private group and each 
public group component are configured for use by one or more first corresponding 
20 owners, and wherein each private group and each public group component are 
unavailable to use by one or more non-owners. 
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A method as recited in Claim 33 wherein said public group is configured 



for use by one or more second corresponding owners and one or more non-owners. 

^ A computer-readable medium comprising computer-executable 
5 instructions stored therein for performing a method of defining a public group, 
comprising: 

a) defining one or more private groups; 

b) selecting one or more particular private groups; 

c) for each selected particular private group, indicating whether said 
1 CP selected particular private group is an additive type or a subtractive type; 

fi d) for each selected particular private group, generating a public group 

jjj component; and 

e) generating said public group using each public group component and 
H each indicated type corresponding to said selected one or more particular private 
iff groups. 

vtfL A computer-readable medium as recited in Claim 39 wherein said one or 
more private groups includes a dynamic group. 




20 



fTTN A computer-readable medium as recited in Claim 39 wherein said one or 



more private groups includes an exception group. 
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A computer-readable medium as recited in Claim 39 wherein said public 
group includes a plurality of users. 



43^. A computer-readable medium as recited in Claim 39 wherein each 
5 private group and each public group component are configured for use by one or more 
first corresponding owners, and wherein each private group and each public group 
component are unavailable to use by one or more non-owners. 

H 4< A computer-readable medium as recited in Claim 39 wherein said public 

1CH group is configured for use by one or more second corresponding owners and one or 
2? more non-owners. 

5 - H 

f jN 

U ^45^ A component-based group structure comprising a plurality of private 

O groups and a plurality of public groups each public group having one or more public 
1|3 group components each public group component corresponding to one of said private 
groups, wherein a desired group is formed by selecting and associating one or more 
component groups from a set of said private groups and said public groups. 



A component-based group structure as recited in Claim 45 wherein said 
20 private groups and said public groups can be arranged into a plurality of group 
hierarchies. 
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^y^A component-based group structure as recited in Claim 45 wherein said 
private groups includes a dynamic group. 

4SL A component-based group structure as recited in Claim 45 wherein said 
5 private groups includes an exception group. 

A component-based group structure as recited in Claim 45 wherein each 
private group and each public group component are configured for use by one or more 
H> first corresponding owners, and wherein each private group and each public group 
1 Cp component are unavailable to use by one or more non-owners. 

i; A component-based group structure as recited in Claim 45 wherein said 

y, public group is configured for use by one or more second corresponding owners and 
O one or more non-owners. 

153 { 0 

154, A component-based group structure as recited in Claim 45 wherein said 
desired group is formed by selecting and associating at least one private group. 

£>2v A component-based group structure as recited in Claim 45 wherein said 
20 desired group is formed by selecting and associating at least one public group. 
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§3?) A component-based group structure as recited in Claim 45 wherein said 
desired group is formed by selecting and associating at least one private group and at 
least one public group. 



component-based group structure, comprising: 

a) providing a plurality of group types said group types including a private 
group, a public group component, and a public group; 
:u b) assigning a first group ownership attribute to said private group such that 

10C1 one or more first corresponding owners can use said private group and such that one 
W or more non-owners are unable to use said private group; 



jjjj c) assigning a second group ownership attribute to said public group 

y, component such that said one or more first corresponding owners can use said public 
b group component and such that said one or more non-owners are unable to use said 
15Q public group component; and 

d) assigning a third group ownership attribute to said public group such that 
one or more second corresponding owners can use said public group and such that 
said one or more non-owners can use said public group. 




20 "5^ A method as recited in Claim 54 wherein said one or more first 

corresponding owners are the same as said one or more second corresponding 
owners. 
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$4t A method of defining a plurality of group ownership attributes for use in a 



